cleantalk
Vulnerabilities and Security Researches

Subaccounts for WooCommerce, d549139954f92cf6ed7fd0d234e19d2257f78ba1

CVE, Research URL

d549139954f92cf6ed7fd0d234e19d2257f78ba1

Home page URL

Security reports for Subaccounts for WooCommerce

Application

Subaccounts for WooCommerce

Published on
Jul 19, 2023
Research Description
Subaccounts for WooCommerce [subaccounts-for-woocommerce] < 1.4.0 WordPress Subaccounts for WooCommerce Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Subaccounts for WooCommerce plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Subaccounts for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.0.
Affected versions
Min -, max 1.4.0.
Status
vulnerable
Previous vulnerability researches
Subaccounts for WooCommerce (CVE-2025-47461) , May 16, 2025
Subaccounts for WooCommerce (CVE-2024-11370) , Nov 23, 2024
Subaccounts for WooCommerce (d549139954f92cf6ed7fd0d234e19d2257f78ba1) , Jun 07, 2024
New vulnerability
Icegram Engage &#8211; WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2024-13486) , May 16, 2025
Icegram Engage &#8211; WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2024-13482) , May 16, 2025
Calculated Fields Form (CVE-2024-13382) , May 16, 2025
Jetpack Boost &#8211; Website Speed, Performance and Critical CSS (CVE-2024-10076) , May 16, 2025
百度站长SEO合集(支持百度/神马/Bing/头条推送) (CVE-2025-3917) , May 16, 2025